Databases Reference
In-Depth Information
NOTE
HTTP is not secure and can be easily intercepted by a third party. Data transmitted
over HTTP is not encrypted when basic authentication is used, so the username and
password you include as part of the connection string can be easily seen. Basic
authentication over HTTP is considered a highly volatile authentication mechanism. It's
better to use the secure version of HTTP:
HTTPS
. HTTPS encrypts all data sent
between a client application and IIS.
External Data Access Security
For many operations, Analysis Services requires access to various external sources and
operating system resources. To load data in a cube, for example, Analysis Services might
need to access a relational database and to store cube data it needs to access the file
system. For Analysis Services to access external data successfully, you must set up the
external data access security in such a way that Analysis Services can get access to all the
resources it needs.
Choosing a Service Logon Account
Analysis Services runs as a Windows service. When you are running setup for SQL Server,
you are asked to select the account your Analysis Services service will run under. You can
choose one of the following three types of account: the built-in system account, a domain
user account, or a local user account. For the built-in system account, you can use the
LocalSystem
,
LocalService
, or
NetworkService
account.
Each of these account types has benefits and drawbacks:
.
A
LocalSystem
account is a high-privileged account that has access to all the
resources of the computer. We do not recommend running Analysis Services under
this type of account because in case of malicious attack compromised Analysis
Services can grant complete control over your computer.
.
A user domain account is the best choice. On one hand, it allows you to define
access rights to system resources. On the other hand, it allows you to establish access
to external data sources. For example, you can use this account to grant access to
SQL Server data using Windows authentication.
.
A local user account is an account you create on a local computer to run Analysis
Services. You grant this account only the rights necessary to run Analysis Services.
With a local user account, you can set up the access to operating system resources,
but harder to grant access to external data sources because account local to particular
machine is not visible to other machines.
Your choice of account type will be influenced by a number of considerations:
.
If you provide a service logon account that allows too many privileges and a secu-
rity attack compromises your service, an attacker could gain easy access to
computer resources.
Search WWH ::
Custom Search